Port forwarding with rinetd under Debian
With rinetd instead of iptables even http and https traffic can be forwarded. This offers numerous possibilities with a very simple implementation at the same time. Because rinetd has to be installed and configured only shortly.
The installation under Debian is done with
apt-get install rinetd
is possible.
After that the configuration file has to be updated with
nano /etc/rinetd.conf
must be edited. The following (exemplary) content can then be inserted here:
127.0.0.1 80 127.0.0.2 80
127.0.0.1 443 127.0.0.2 443
The first IP address is usually the normal server IP address directly followed by the port, then the forwarding destination including port is entered. Port 80 is used for normal http-traffic and port 443 for https-traffic.
After that rinetd has to be restarted:
service rinetd restart
What problems arise from using port forwarding with rinetd?
The biggest problem is on the forwarding destination side, because the forwarding destination can no longer correctly associate the original client. This complicates the use of firewall rules and tools like Fail2Ban, because in the worst case all clients are blocked at the same time.